How to view the threat list on Symantec endpoint security products

Article:TECH200963  |  Created: 2012-12-18  |  Updated: 2012-12-19
Article Type
Technical Solution


Is there a way to display all of the threat names which a Symantec endpoint security product detects?


The threat list can be displayed within the following products.  Details on the threat families listed can be found on the Security Response online site.


Symantec Endpoint Protection (SEP) on Windows

To view the list on a SEP 11.x or SEP 12.1.x client:

  1. In the client, on the Status page, next to Antivirus and Antispyware Protection (11.x) or Virus and Spyware Protection (12.1.x), click Options > View Threat List.
    A Detectable Risk List window opens, displaying a list of all detections for this component in the current definition set. You cannot export or search this list.


Symantec Endpoint Protection on Macintosh (SEP for Mac)

To view the list on a SEP for Mac client:

  1. Open SEP for Mac through the menu bar icon, or via Applications > Symantec Solutions > Symantec Endpoint Protection.
  2. In the menu bar, click Tools > Virus Info.
  3. The Virus Definitions Info window opens, displaying a list of all detections in the current definition set. You cannot export this list.
    • To search the list for a specific threat or threats, enter some or all of a threat name next to Display names containing. The list updates as you type.
    • For specific information on a detection, click that detection's name, and then click Learn More. This action opens a new window with information from Security Response.


Symantec AntiVirus for Linux (SAVFL)

To view the list on a SAVFL client:

  1. Open a terminal (command line interface) and navigate to the Symantec AntiVirus directory.
    cd /opt/Symantec/symantec_antivirus
    Note: This is the default installation location. 
  2. Type sav info -t and press Enter to display the list within the terminal window.
    To save this list to a text file, type sav info -t > ~/risklist.txt, and then press Enter.
    This will save the text file risklist.txt to your user directory.
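
An added example (not part of the original Symantec article): shell helpers for searching a saved risklist.txt and for comparing two saved lists. It assumes the saved file holds one threat name per line; the function names and the sample threat names are constructed for illustration.

```shell
#!/bin/sh
# Added example: helpers for a list saved with `sav info -t > ~/risklist.txt`.
# Assumption: the saved file holds one threat name per line.

# risk_search PATTERN FILE: print names containing PATTERN.
# -i ignores case; -F treats PATTERN as a literal string, so the dots
# in threat names are not interpreted as regex wildcards.
risk_search() {
    grep -i -F -- "$1" "$2"
}

# risk_count PATTERN FILE: number of matching names (prints 0 if none).
risk_count() {
    grep -i -c -F -- "$1" "$2" || true
}

# risk_added OLD NEW: names present in NEW but absent from OLD, e.g. to see
# what a definitions update added between two saved lists.
risk_added() {
    old_sorted=$(mktemp)
    new_sorted=$(mktemp)
    LC_ALL=C sort -u "$1" > "$old_sorted"
    LC_ALL=C sort -u "$2" > "$new_sorted"
    LC_ALL=C comm -13 "$old_sorted" "$new_sorted"
    rm -f "$old_sorted" "$new_sorted"
}

# make_sample DIR: write two constructed lists (not real product output).
make_sample() {
    printf '%s\n' Constructed.Worm.A Constructed.Trojan.B > "$1/old.txt"
    printf '%s\n' Constructed.Worm.A Constructed.Trojan.B \
        Constructed.Trojan.C Constructed.Backdoor.D > "$1/new.txt"
}

# Demo on the constructed lists.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
echo "Names containing 'trojan':"
risk_search trojan "$demo_dir/new.txt"
echo "Added since the older list:"
risk_added "$demo_dir/old.txt" "$demo_dir/new.txt"
rm -rf "$demo_dir"
```

On a real client, replace the constructed files with lists saved by sav info -t before and after a LiveUpdate run.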


Symantec Endpoint Protection Mobile Edition (SEPME) 6 and Symantec Mobile Security (SMS) 7.2 on Windows Mobile 

To view the list on a SEPME 6 or SMS 7.2 client:

  1. Open the product's interface.  
  2. Click Menu > Threat Definitions.  

Information on the definition versions and the threats covered is displayed.

Important Note 

Given the amount of malware currently in circulation, Symantec recommends protecting every endpoint in an enterprise network (server, laptop, desktop, embedded point-of-sale (POS) and mobile device) with an up-to-date client. It is not sufficient to install an endpoint security program on one server with the expectation it will keep all its clients protected. It is also extremely risky to run LiveUpdate less often than once per day.

Essential information from Symantec Security Response can be found in the article Symantec Endpoint Protection – Best Practices.


Technical Information

Will SEP for Mac detect and remediate only threats that are designed to target Macintosh computers? Will SAV for Linux only detect and remediate Linux threats?

  • SEP on Windows will detect all known Linux threats, Windows threats, and Mac threats.
  • SEP on Mac will detect all known Linux threats, Windows threats, and Mac threats.
  • SAVFL on Linux computers will detect all known Linux threats, Windows threats, and Mac threats.
  • Symantec Mobile Security 7.2 / SEP Mobile Edition on Windows Mobile will only catch threats that are designed to target the Android/WM platforms (not the full range of Windows, Linux and Mac definitions).

For example: if an organization has a file server that is running Linux and is defended by SAV for Linux, that server can block threats that target the environment's Windows clients. 

SMS 7.2 on an Android or Windows Mobile phone does not have the memory, CPU, and other resources to detect every threat for every platform.  Mobile products are designed to protect only the mobile device.
